Throttling and SafeVPN

James Knott james.knott-bJEeYj9oJeDQT0dZR+AlfA at public.gmane.org
Fri May 9 19:32:56 UTC 2008


William O'Higgins Witteman wrote:
> On Fri, May 09, 2008 at 03:15:05PM -0400, James Knott wrote:
>> Lennart Sorensen wrote:
>>> On Fri, May 09, 2008 at 01:10:37AM -0400, JoeHill wrote:
>>>> Saw this when digging around re this whole throttling issue:
>>>>
>>>> http://safevpn.net/
>>>>
>>>> Anyone have any thoughts or experience with this kind of service? How difficult
>>>> would it be for a community to set something like this up for themselves?
>>> Some ISPs are throthling all encrypted traffic, making VPNs work very
>>> badly (annoying people trying to work remotely when at home trying to
>>> reach the office).
>>>
>> With OpenVPN, you can use almost any UDP or TCP port, which makes it  
>> difficult for an ISP to identify it as a VPN.
> 
> The ISPs are not *trying* to piss off VPN users - they are trying to
> throttle torrents.  Since a great deal of torrent traffic is now
> encrypted, the ISPs do traffic shaping based on encryption, because they
> do not know what service might be encrypted.  Similar to VPN, if you are
> doing work via SSH you will see throttling - making SCP and SSHFS very
> tiresome to use where they were previously very convenient.

My point was that many VPNs use standard ports, making identification 
easy.  On the other hand, if you pick some obscure UDP port for OpenVPN, 
the ISP then has to start analyzing data, to see if it can recognize 
encryption.  With a string of independent UDP packets, how do you 
identify encryption vs unrecognizable data?



-- 
Use OpenOffice.org <http://www.openoffice.org>
--
The Toronto Linux Users Group.      Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists





More information about the Legacy mailing list